From e3a33ef0e418a30a0c7e8141b34bbcc6f4013ffc Mon Sep 17 00:00:00 2001
From: Patrick Toal <ptoal@takeflight.ca>
Date: Sat, 2 Dec 2023 08:51:16 -0500
Subject: [PATCH] Tidy up lint errors

---
 .vscode/settings.json               |  4 +++-
 files/podman-compose.yml            |  6 ++++++
 install.yml => install_appwrite.yml | 21 ++++++++++++++-------
 3 files changed, 23 insertions(+), 8 deletions(-)
 rename install.yml => install_appwrite.yml (75%)

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 9e26dfe..9d14cfb 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1 +1,3 @@
-{}
\ No newline at end of file
+{
+    "ansible.python.interpreterPath": "/bin/python"
+}
\ No newline at end of file
diff --git a/files/podman-compose.yml b/files/podman-compose.yml
index 656089e..a6929c8 100644
--- a/files/podman-compose.yml
+++ b/files/podman-compose.yml
@@ -20,6 +20,12 @@ services:
       - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
       - --entrypoints.appwrite_web.address=:80
       - --entrypoints.appwrite_websecure.address=:443
+      - --entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=10.0.0.0/8
+      - --entrypoints.appwrite_websecure.proxyProtocol.trustedIPs=10.0.0.0/8
+#      - --entrypoints.appwrite_web.forwardedHeaders.trustedIPs=192.168.2.1/32
+#      - --entrypoints.appwrite_web.proxyProtocol.trustedIPs=192.168.2.1/32
+#      - --entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=192.168.2.1/32
+#      - --entrypoints.appwrite_websecure.proxyProtocol.trustedIPs=192.168.2.1/32
       - --accesslog=true
     restart: unless-stopped
     ports:
diff --git a/install.yml b/install_appwrite.yml
similarity index 75%
rename from install.yml
rename to install_appwrite.yml
index e4ce06a..5688906 100644
--- a/install.yml
+++ b/install_appwrite.yml
@@ -7,13 +7,14 @@
     - name: Update all packages to latest
       ansible.builtin.dnf:
         name: "*"
-        state: latest 
+        state: latest
+        update_only: true
 
     - name: CodeReady Builder Repo Enabled
       community.general.rhsm_repository:
         name: "codeready-builder-for-rhel-9-{{ ansible_architecture }}-rpms"
         state: enabled
-         
+
     - name: EPEL GPG Key installed
       ansible.builtin.rpm_key:
         key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
@@ -22,12 +23,12 @@
 
     - name: Dependencies are installed
       ansible.builtin.dnf:
-        name: 
+        name:
           - podman
           - https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
-        state: latest
+        state: present
 
-    - name: podman-compose installed
+    - name: Ensure podman-compose installed
       ansible.builtin.dnf:
         name:
           - podman-compose
@@ -36,14 +37,20 @@
   hosts: bab1.mgmt.toal.ca
   tasks:
 
-    - name: podman socket enabled
+    - name: Ensure podman socket enabled
       ansible.builtin.systemd:
         name: podman.socket
         scope: user
         enabled: true
         state: started
 
-    - name: appwrite image pulled from docker hub
+    - name: Ensure appwrite image pulled from docker hub
       containers.podman.podman_image:
         name: docker.io/appwrite/appwrite
         tag: 1.4.13
+
+    - name: Ensure podman-compose.yml deployed
+      ansible.builtin.copy:
+        src: podman-compose.yml
+        dest: /home/ptoal/appwrite
+        mode: '0644'